如何检查用户是否login在PHP?
我很新的PHP,我想弄清楚如何使用会话来检查,看看用户是否login到一个网站,以便他们将有权访问特定的网页。
这是一个复杂的问题,还是因为我是一个noob,我不明白?
谢谢您的帮助!
login不是太复杂,但是几乎所有login过程都需要一些特定的部分。
首先,确保在所有需要了解login状态的页面上启用会话variables,方法是将这些variables放在这些页面的开头:
session_start(); 接下来,当用户通过login表单提交用户名和密码时,通常通过查询包含用户名和密码信息的数据库(如MySQL)来检查用户名和密码。 如果数据库返回匹配,则可以设置一个会话variables来包含该事实。 您可能还想要包含其他信息:
if (match_found_in_database()) { $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; // $username coming from the form, such as $_POST['username'] // something like this is optional, of course }
然后,在依赖login状态的页面上,input以下内容(不要忘记session_start() ):
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) { echo "Welcome to the member's area, " . $_SESSION['username'] . "!"; } else { echo "Please log in first to see this page."; }
这些是基本组件。 如果您需要SQL方面的帮助,网上有大量的教程。
在Login.html中:
<html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Login Form</title> </head> <body> <section class="container"> <div class="login"> <h1>Login</h1> <form method="post" action="login.php"> <p><input type="text" name="username" value="" placeholder="Username"></p> <p><input type="password" name="password" value="" placeholder="Password"></p> <p class="submit"><input type="submit" name="commit" value="Login"></p> </form> </div> </body> </html>
在Login.php中:
<?php $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ session_start(); $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; }
在Member.php中:
session_start(); if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) { echo "Welcome to the member's area, " . $_SESSION['username'] . "!"; } else { echo "Please log in first to see this page."; }
在MYSQL中:
CREATE TABLE `members` ( `id` int(4) NOT NULL auto_increment, `username` varchar(65) NOT NULL default '', `password` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) TYPE=MyISAM AUTO_INCREMENT=2 ;
在Register.html中:
<html> <head> <title>Sign-Up</title> </head> <body id="body-color"> <div id="Sign-Up"> <fieldset style="width:30%"><legend>Registration Form</legend> <table border="0"> <form method="POST" action="register.php"> <tr> <td>UserName</td><td> <input type="text" name="username"></td> </tr> <tr> <td>Password</td><td> <input type="password" name="password"></td> </tr> <tr> <td><input id="button" type="submit" name="submit" value="Sign-Up"></td> </tr> </form> </table> </fieldset> </div> </body> </html>
在Register.php中:
<?php define('DB_HOST', ''); define('DB_NAME', ''); define('DB_USER',''); define('DB_PASSWORD',''); $con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error()); $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error()); $userName = $_POST['username']; $password = $_POST['password']; $query = "INSERT INTO members (username,password) VALUES ('$userName','$password')"; $data = mysql_query ($query)or die(mysql_error()); if($data) { echo "YOUR REGISTRATION IS COMPLETED..."; } else { echo "Unknown Error!" }
您想要执行会话检查的任何页面都需要从以下位置开始:
session_start();
从那里,你检查你的会议arrays的variables,指出他们login:
if (!$_SESSION["loggedIn"]) redirect_to_login();
logging他们只不过是设置了这个值:
$_SESSION["loggedIn"] = true;
else if (isset($_GET['actie']) && $_GET['actie']== "aanmelden"){ $username= $_POST['username']; $password= md5($_POST['password']); $query = "SELECT password FROM tbl WHERE username = '$username'"; $result= mysql_query($query); $row= mysql_fetch_array($result); if($password == $row['password']){ session_start(); $_SESSION['logged in'] = true; echo "Logged in"; } }
看到这个脚本的注册。 简单而且非常容易理解。
<?php define('DB_HOST', 'Your Host[Could be localhost or also a website]'); define('DB_NAME', 'databasename'); define('DB_USERNAME', 'Username[In many cases root but some sites offer MySql Page where the username might be different]'); define('DB_PASSWORD', 'whatever you keep[if username is root then 99% password is blank]'); $link = mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD); if (!$link) { die('Could not connect line 9'); } $DB_SELECT = mysql_select_db(DB_NAME, $link); if (!$DB_SELECT) { die('Could not connect line 15'); } $valueone = $_POST['name']; $valuetwo = $_POST['last_name']; $valuethree = $_POST['email']; $valuefour = $_POST['password']; $valuefive = $_POST['age']; $sqlone = "INSERT INTO user (name, last_name, email, password, age) VALUES ('$valueone','$valuetwo','$valuethree','$valuefour','$valuefive')"; if (!mysql_query($sqlone)) { die('Could not connect name line 33'); } mysql_close(); ?>
确保你使用phpMyAdmin制作所有数据库的东西。 它是一个非常简单的工具。 你可以在这里find它: http : //www.phpmyadmin.net/home_page/index.php
<?php session_start(); if(!isset($_SESSION["login"]) && $SESSION["login"] =="OK")){ header("Location: index.php"); exit; ?>
在检查当前会话之前,在所有页面上都需要
session_start();
检查$ _SESSION [“loggedIn”]( 不是 )是否为真 – 如果不是,则将它们redirect到login页面。
if($_SESSION["loggedIn"] != true){ //echo 'not logged in'; header("Location: login.php"); exit;
}
